udp: drop skb extensions before marking skb stateless
authorFlorian Westphal <fw@strlen.de>
Thu, 21 Nov 2019 05:56:23 +0000 (06:56 +0100)
committerDavid S. Miller <davem@davemloft.net>
Fri, 22 Nov 2019 17:28:46 +0000 (09:28 -0800)
commit677bf08cfdf9ee411c2084157f15d85edb09a81a
tree291eb5fab8488e13ce843160bdc5a0fd7a5c936b
parentff08ddba3a55caadd0ae531975b06b407d008ae7
udp: drop skb extensions before marking skb stateless

Once udp stack has set the UDP_SKB_IS_STATELESS flag, later skb free
assumes all skb head state has been dropped already.

This will leak the extension memory in case the skb has extensions other
than the ipsec secpath, e.g. bridge nf data.

To fix this, set the UDP_SKB_IS_STATELESS flag only if we don't have
extensions or if the extension space can be free'd.

Fixes: 895b5c9f206eb7d25dc1360a ("netfilter: drop bridge nf reset from nf_reset")
Cc: Paolo Abeni <pabeni@redhat.com>
Reported-by: Byron Stanoszek <gandalf@winds.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/skbuff.h
net/ipv4/udp.c